Abstract:
Data protection or information security is one of the main pillars in any business and
the continuity of a business depends on data and privacy. The education sector is one
of the most important industries that deals with large amounts of data. Minors' data is
thought to be more reliable because it is more critical and significant. Overall purpose
of this research is to develop a specific and a well-structured framework to protect
minor’s data in K-12 schools in Australia. This framework is a less complex and an
easy to implement framework that can be implemented at K-12 schools in Australia to
defend against cyber-attacks. Major gaps that were identified in this research were the
lack of information security frameworks for the education domain, lack of cyber
security knowledge in general IT staff and the discontinuation of frameworks due to
the overhead.
This proposed framework consists of three major areas that will minimize the threats
that a K-12 school will face. Maintaining a secure infrastructure, secure information
governance and user awareness along with a maturity assessment model are the three
main areas that are covered in this research. This framework contains a structured
guideline which includes an implementation guideline for each security control. This
framework will also assist the users to assess the maturity level once the framework is
implemented.
The proposed framework will make K-12 schools more resilient to cyber-attacks and
information will be managed in a more structured approach. The prosed framework is
less complex and less technical, compared to other industry leading cyber security
frameworks. This is more focused towards data protection and managing minor’s data
securely. As a future enhancement to this study, it can also be developed furthermore
to cater other industries in other regions."
